Although we weren’t planning to send another Internet ScamBusters in 1997, we read about the following scam in Danny Sullivan’s excellent newsletter, The Search Engine Update, in the Dec. 22, 1997, issue (Number 19). We thought this information would benefit Internet ScamBusters subscribers, so we asked Danny for permission to reprint his article. He graciously agreed.

This article was written by Danny Sullivan, Editor, Search Engine Watch. It is (c) Copyright 1997 Mecklermedia, and Reprinted With Permission. Visit http://searchenginewatch.com

Here it is:

Scam: Fake Yahoo “Award”
Message Scam, Virus Scare.

First, a few Yahoo users were told they’d been exposed to a virus. Then, some users were tricked out of their credit card details by someone pretending to work for Yahoo.

On Dec. 8, some people saw a virus warning message left behind in the Yahoo site by hackers. The message said anyone who had visited the site within the last month was infected with a virus that would activate on Christmas Day. Yahoo says there is no such virus, and that the threat is a hoax.

Next, on Dec. 12, someone took advantage of Yahoo’s free e-mail service to dupe people into sending them credit card details.

An official sounding message was sent out to an unknown number of people telling them they had won a free 56K modem. To collect their “prize,” they were told to send a credit card number to cover a $5 shipping fee.

Yahoo estimates less than 100 people were tricked this way. It is trying to contact all victims and is investigating the crime.

The key to the scam’s success was the use of the official sounding “contest_winner@yahoo.com” e-mail address.

Anyone can open a free Yahoo e-mail account with fake personal details. This provides them with an address that ends with @yahoo.com, which until the new service began, was a format only available to Yahoo staff. Yahoo chose to make the address widely available to reinforce its brand.

After the new service began, Yahoo corporate addresses changed to a @yahoo-inc.com format. However, many people don’t realize this. Thus, it was only a matter of time before someone took advantage of the confusion to pretend they were from Yahoo.

In this scam, a different e-mail account was used to send the message, and the Yahoo address was used to receive messages.

Anyone who receives suspicious e-mail that appears to be from Yahoo is asked to forward the message to abuse@yahoo.com. The service also provides these tips to avoid fraud. Look out for:

Subscribe to Internet ScamBusters:

Don't Get Scammed!

Many scammers are very cunning, so being smart is NOT enough to protect yourself. Every day smart subscribers thank us saying they would have been scammed if they didn't subscribe to ScamBusters. Don't take a chance.
Subscribe FREE to ScamBusters, a public service and the #1 publication on Internet fraud.